
Answer-first summary for fast verification
Answer: The combination of compute instance network tags and VPC firewall rules only allows SSH from the subnet's IP range.
The correct answer is **D** because the combination of compute instance network tags and VPC firewall rules can restrict SSH traffic so that it is accepted only from the subnet's IP range. SSH traffic from within the VPC is accepted, but external SSH traffic is blocked.

- **Option A** is incorrect because the question implies the instances have external IP addresses, so a disabled external IP is not the issue.
- **Option B** is incorrect because having a static IP does not prevent SSH connections; properly configured firewall rules allow SSH even with ephemeral IPs.
- **Option C** is incorrect because there is no such concept as cross-region SSH IAM permissions in Google Cloud.

For more details, refer to [Google Cloud's documentation on using firewalls](https://cloud.google.com/vpc/docs/using-firewalls).
Author: LeetQuiz Editorial Team
You have two compute instances within the same VPC but located in different regions. While you can SSH from one instance to another using their internal IP addresses, attempts to do so via their external IP addresses fail. What could be the reason behind this SSH failure on external IP addresses?
- **A.** The external IP address is disabled.
- **B.** The compute instances have a static IP for their external IP.
- **C.** The compute instances are not using the right cross-region SSH IAM permissions.
- **D.** The combination of compute instance network tags and VPC firewall rules only allows SSH from the subnet's IP range.
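The firewall behaviour behind answer D, as an added example that is not part of the original page: a simplified model of VPC ingress evaluation (target tags, source ranges, priority, implied deny) applied to the two instances in the question. The rule name, tag, subnet ranges and addresses are constructed, and the model assumes a connection to a peer's external address arrives with the sender's external address as its source.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IngressRule:
    name: str
    priority: int              # lower number = higher priority
    action: str                # "allow" or "deny"
    source_ranges: tuple       # CIDR strings
    target_tags: frozenset     # empty = applies to every instance in the network
    tcp_ports: frozenset

def evaluate_ingress(rules, src_ip, dst_tags, port):
    """Return (action, rule name) for a TCP packet arriving at an instance."""
    src = ipaddress.ip_address(src_ip)
    matching = [
        r for r in rules
        if (not r.target_tags or r.target_tags & dst_tags)
        and port in r.tcp_ports
        and any(src in ipaddress.ip_network(c) for c in r.source_ranges)
    ]
    if not matching:
        return ("deny", "implied-deny-ingress")   # no rule matched the packet
    # Lowest priority number wins; at equal priority a deny beats an allow.
    best = min(matching, key=lambda r: (r.priority, r.action != "deny"))
    return (best.action, best.name)

# Constructed sample data: two subnets of one VPC in different regions.
RULES = [
    IngressRule("allow-ssh-from-subnets", 1000, "allow",
                ("10.128.0.0/20", "10.132.0.0/20"),
                frozenset({"ssh-internal"}), frozenset({22})),
]
VM_A = {"internal": "10.128.0.2", "external": "203.0.113.10",
        "tags": frozenset({"ssh-internal"})}
VM_B = {"internal": "10.132.0.2", "external": "198.51.100.20",
        "tags": frozenset({"ssh-internal"})}

def ssh_attempt(src_vm, dst_vm, via, rules=RULES):
    """Assumption: a connection to the peer's external address arrives with
    the sender's external address as its source."""
    return evaluate_ingress(rules, src_vm[via], dst_vm["tags"], 22)

if __name__ == "__main__":
    for via in ("internal", "external"):
        print(via, ssh_attempt(VM_A, VM_B, via))
```
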